Sponsor

In a previous post we’ve seen how to Enable automatic security update in Debian/Ubuntu, I use it on my Debian VPS and I must say that I’ve forgot to be worried about security updates thanks to this, but perhaps you have a Red Hat 6 or Centos 6 and you want to sleep well as well ?

There is no problem, today we’ll see how to achieve the same result on a Centos 6 machine.

Install yum-cron

The package that allows us to do automatic updates via yum is yum-cron, to do this just open a terminal as root and run the command:

yum-yinstall yum-cron

By default, this software is configured to download all the updates and apply them immediately after downloading, but we can change these behaviors in its configuration file /etc/sysconfig/yum-cron the parameters that we can change are these 2:

# Don't install, just check (valid: yes|no)CHECK_ONLY=no
# Don't install, just check and download (valid: yes|no)# Implies CHECK_ONLY=yes (gotta check first to see what to download)DOWNLOAD_ONLY=no

In my opinion the default is good for what i want to achieve, download and install all the updates, if you just want a mail that tell you which packages are available set the parameter CHECK_ONLY to yes, this will NOT download the updates but will just check if there are updates and will send an email to the root account if there is something that can be updated.

You can set the parameter MAILTO to a valid mail address, by default this parameter is not set:

# by default MAILTO is unset, so crond mails the output by itself# example: MAILTO=rootMAILTO=

And now, before enabling the automatic updates keep in mind 2 things related to Centos/Red Hat:

1) The packages for these distribution don’t give exact information about security, so what we can do is an automatic update of the whole system, not just security like Debian.

2) Due to point number 1, this will update every single in your system, so it’s important that as first thing you setup correctly the packages that should not be automatically updated.

Block packages from being automatically updated in Centos

There are 2 ways to get this goal:

– If you want to exclude some packages from being updated also when you issue a yum update from the command line you can set the option exclude in the file /etc/yum.conf , with something like this:

exclude=kernel* php*

– If you want to exclude some packages only from the automatic update you can edit the file /etc/sysconfig/yum-cron and set the option YUM_PARAMETER with -x packagename, you have to repeat the -x for every package that you want to exclude, such as:

YUM_PARAMETER="-x kernel* -x php*"

You should then run a ‘yum update’ to make sure you’re currently up to date. This will also show you that there are no conflicts. Remember, if there are conflicts yum won’t be able to update. This means that yum-cron won’t be able to auto update you either.

To open and edit this file execute the following command:
nano /etc/sysconfig/yum-cron

When the file is open in Nano look for this part:

# you may set DAYS_OF_WEEK to the days of the week you want to run
# default is every day
#DAYS_OF_WEEK="0123456"

Changing the number will set certain days. 0 = Sunday, 1 = Monday, 2 = Tuesday, etc… Set the value to “0” to cron every Sunday.
# you may set DAYS_OF_WEEK to the days of the week you want to run
# default is every day
#DAYS_OF_WEEK="0"

Thanks for update.Actually we had needed a specific time in weekend to run and send mail to us for this purpose I have moved the file from /etc/cron.daily/0yum.cron to /etc/cron.d/0yum.cron and made changes as per my requirement. It is working fine. Ok we will check the solution which you provide.
# crontab -l
0 2 * * 6 /etc/cron.d/0yum.cron